<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title>ActiveModel::SecurePassword::ClassMethods</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <link rel="stylesheet" href="../../../css/reset.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../../../css/main.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../../../css/github.css" type="text/css" media="screen" />
<script src="../../../js/jquery-1.3.2.min.js" type="text/javascript" charset="utf-8"></script>
<script src="../../../js/jquery-effect.js" type="text/javascript" charset="utf-8"></script>
<script src="../../../js/main.js" type="text/javascript" charset="utf-8"></script>
<script src="../../../js/highlight.pack.js" type="text/javascript" charset="utf-8"></script>

</head>

<body>     
    <div class="banner">
        
            <span>Ruby on Rails v4.0.0</span><br />
        
        <h1>
            <span class="type">Module</span> 
            ActiveModel::SecurePassword::ClassMethods 
            
        </h1>
        <ul class="files">
            
            <li><a href="../../../files/activemodel/lib/active_model/secure_password_rb.html">activemodel/lib/active_model/secure_password.rb</a></li>
            
        </ul>
    </div>
    <div id="bodyContent">
        <div id="content">
  


  


  
  


  
    <!-- Namespace -->
    <div class="sectiontitle">Namespace</div>
    <ul>
      
        <li>
          <span class="type">MODULE</span>
          <a href="ClassMethods/InstanceMethodsOnActivation.html">ActiveModel::SecurePassword::ClassMethods::InstanceMethodsOnActivation</a>
        </li>
      
    </ul>
  


  
    <!-- Method ref -->
    <div class="sectiontitle">Methods</div>
    <dl class="methods">
      
        <dt>H</dt>
        <dd>
          <ul>
            
              
              <li>
                <a href="ClassMethods.html#method-i-has_secure_password">has_secure_password</a>
              </li>
            
          </ul>
        </dd>
      
    </dl>
  

  
    <!-- Includes -->
    <div class="sectiontitle">Included Modules</div>
    <ul>
      
        <li>
          
            <a href="ClassMethods/InstanceMethodsOnActivation.html">
              ActiveModel::SecurePassword::ClassMethods::InstanceMethodsOnActivation
            </a>
          
        </li>
      
    </ul>
  



  

    

    

    


    


    <!-- Methods -->
        
      <div class="sectiontitle">Instance Public methods</div>
      
        <div class="method">
          <div class="title method-title" id="method-i-has_secure_password">
            
              <b>has_secure_password</b>(options = {})
            
            <a href="ClassMethods.html#method-i-has_secure_password" name="method-i-has_secure_password" class="permalink">Link</a>
          </div>
          
          
            <div class="description">
              <p>Adds methods to set and authenticate against a BCrypt password. This
mechanism requires you to have a password_digest attribute.</p>

<p><a href="../Validations.html">Validations</a> for presence of password on
create, confirmation of password (using a
<code>password_confirmation</code> attribute) are automatically added. If
you wish to turn off validations, pass <code>validations: false</code> as
an argument. You can add more validations by hand if need be.</p>

<p>If you don’t need the confirmation validation, just don’t set any value to
the password_confirmation attribute and the the validation will not be
triggered.</p>

<p>You need to add bcrypt-ruby (~&gt; 3.0.0) to Gemfile to use <a
href="ClassMethods.html#method-i-has_secure_password">has_secure_password</a>:</p>

<pre>gem 'bcrypt-ruby', '~&gt; 3.0.0'</pre>

<p>Example using Active Record (which automatically includes <a
href="../SecurePassword.html">ActiveModel::SecurePassword</a>):</p>

<pre class="ruby"><span class="ruby-comment"># Schema: User(name:string, password_digest:string)</span>
<span class="ruby-keyword">class</span> <span class="ruby-constant">User</span> <span class="ruby-operator">&lt;</span> <span class="ruby-constant">ActiveRecord</span><span class="ruby-operator">::</span><span class="ruby-constant">Base</span>
  <span class="ruby-identifier">has_secure_password</span>
<span class="ruby-keyword">end</span>

<span class="ruby-identifier">user</span> = <span class="ruby-constant">User</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-string">'david'</span>, <span class="ruby-identifier">password</span><span class="ruby-operator">:</span> <span class="ruby-string">''</span>, <span class="ruby-identifier">password_confirmation</span><span class="ruby-operator">:</span> <span class="ruby-string">'nomatch'</span>)
<span class="ruby-identifier">user</span>.<span class="ruby-identifier">save</span>                                                       <span class="ruby-comment"># =&gt; false, password required</span>
<span class="ruby-identifier">user</span>.<span class="ruby-identifier">password</span> = <span class="ruby-string">'mUc3m00RsqyRe'</span>
<span class="ruby-identifier">user</span>.<span class="ruby-identifier">save</span>                                                       <span class="ruby-comment"># =&gt; false, confirmation doesn't match</span>
<span class="ruby-identifier">user</span>.<span class="ruby-identifier">password_confirmation</span> = <span class="ruby-string">'mUc3m00RsqyRe'</span>
<span class="ruby-identifier">user</span>.<span class="ruby-identifier">save</span>                                                       <span class="ruby-comment"># =&gt; true</span>
<span class="ruby-identifier">user</span>.<span class="ruby-identifier">authenticate</span>(<span class="ruby-string">'notright'</span>)                                   <span class="ruby-comment"># =&gt; false</span>
<span class="ruby-identifier">user</span>.<span class="ruby-identifier">authenticate</span>(<span class="ruby-string">'mUc3m00RsqyRe'</span>)                              <span class="ruby-comment"># =&gt; user</span>
<span class="ruby-constant">User</span>.<span class="ruby-identifier">find_by</span>(<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-string">'david'</span>).<span class="ruby-identifier">try</span>(:<span class="ruby-identifier">authenticate</span>, <span class="ruby-string">'notright'</span>)      <span class="ruby-comment"># =&gt; false</span>
<span class="ruby-constant">User</span>.<span class="ruby-identifier">find_by</span>(<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-string">'david'</span>).<span class="ruby-identifier">try</span>(:<span class="ruby-identifier">authenticate</span>, <span class="ruby-string">'mUc3m00RsqyRe'</span>) <span class="ruby-comment"># =&gt; user</span>
</pre>
            </div>
          
          
          
          
          
            
            <div class="sourcecode">
              
              <p class="source-link">
                Source: 
                <a href="javascript:toggleSource('method-i-has_secure_password_source')" id="l_method-i-has_secure_password_source">show</a>
                
                  | <a href="https://github.com/rails/rails/blob/b965ce361b89ad33a4a4b422f8e564233926c723/activemodel/lib/active_model/secure_password.rb#L42" target="_blank" class="github_url">on GitHub</a>
                
              </p>
              <div id="method-i-has_secure_password_source" class="dyn-source">
                <pre><span class="ruby-comment"># File activemodel/lib/active_model/secure_password.rb, line 42</span>
    <span class="ruby-keyword">def</span> <span class="ruby-keyword ruby-title">has_secure_password</span>(<span class="ruby-identifier">options</span> = {})
      <span class="ruby-comment"># Load bcrypt-ruby only when has_secure_password is used.</span>
      <span class="ruby-comment"># This is to avoid ActiveModel (and by extension the entire framework)</span>
      <span class="ruby-comment"># being dependent on a binary library.</span>
      <span class="ruby-keyword">begin</span>
        <span class="ruby-identifier">gem</span> <span class="ruby-string">'bcrypt-ruby'</span>, <span class="ruby-string">'~&gt; 3.0.0'</span>
        <span class="ruby-identifier">require</span> <span class="ruby-string">'bcrypt'</span>
      <span class="ruby-keyword">rescue</span> <span class="ruby-constant">LoadError</span>
        <span class="ruby-identifier">$stderr</span>.<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;You don't have bcrypt-ruby installed in your application. Please add it to your Gemfile and run bundle install&quot;</span>
        <span class="ruby-identifier">raise</span>
      <span class="ruby-keyword">end</span>

      <span class="ruby-identifier">attr_reader</span> <span class="ruby-value">:password</span>

      <span class="ruby-identifier">include</span> <span class="ruby-constant">InstanceMethodsOnActivation</span>

      <span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>.<span class="ruby-identifier">fetch</span>(<span class="ruby-value">:validations</span>, <span class="ruby-keyword">true</span>)
        <span class="ruby-identifier">validates_confirmation_of</span> <span class="ruby-value">:password</span>, <span class="ruby-keyword">if</span><span class="ruby-operator">:</span> <span class="ruby-identifier">lambda</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">m</span><span class="ruby-operator">|</span> <span class="ruby-identifier">m</span>.<span class="ruby-identifier">password</span>.<span class="ruby-identifier">present?</span> }
        <span class="ruby-identifier">validates_presence_of</span>     <span class="ruby-value">:password</span>, <span class="ruby-value">:on</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">:create</span>
        <span class="ruby-identifier">validates_presence_of</span>     <span class="ruby-value">:password_confirmation</span>, <span class="ruby-keyword">if</span><span class="ruby-operator">:</span> <span class="ruby-identifier">lambda</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">m</span><span class="ruby-operator">|</span> <span class="ruby-identifier">m</span>.<span class="ruby-identifier">password</span>.<span class="ruby-identifier">present?</span> }

        <span class="ruby-identifier">before_create</span> { <span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;Password digest missing on new record&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">password_digest</span>.<span class="ruby-identifier">blank?</span> }
      <span class="ruby-keyword">end</span>

      <span class="ruby-keyword">if</span> <span class="ruby-identifier">respond_to?</span>(<span class="ruby-value">:attributes_protected_by_default</span>)
        <span class="ruby-keyword">def</span> <span class="ruby-keyword ruby-title">self</span>.<span class="ruby-identifier">attributes_protected_by_default</span> <span class="ruby-comment">#:nodoc:</span>
          <span class="ruby-keyword">super</span> <span class="ruby-operator">+</span> [<span class="ruby-string">'password_digest'</span>]
        <span class="ruby-keyword">end</span>
      <span class="ruby-keyword">end</span>
    <span class="ruby-keyword">end</span>
  <span class="ruby-keyword">end</span>

  <span class="ruby-keyword">module</span> <span class="ruby-keyword ruby-title">InstanceMethodsOnActivation</span>
    <span class="ruby-comment"># Returns +self+ if the password is correct, otherwise +false+.</span>
    <span class="ruby-comment">#</span>
    <span class="ruby-comment">#   class User &lt; ActiveRecord::Base</span>
    <span class="ruby-comment">#     has_secure_password validations: false</span>
    <span class="ruby-comment">#   end</span>
    <span class="ruby-comment">#</span>
    <span class="ruby-comment">#   user = User.new(name: 'david', password: 'mUc3m00RsqyRe')</span>
    <span class="ruby-comment">#   user.save</span>
    <span class="ruby-comment">#   user.authenticate('notright')      # =&gt; false</span>
    <span class="ruby-comment">#   user.authenticate('mUc3m00RsqyRe') # =&gt; user</span>
    <span class="ruby-keyword">def</span> <span class="ruby-keyword ruby-title">authenticate</span>(<span class="ruby-identifier">unencrypted_password</span>)
      <span class="ruby-constant">BCrypt</span><span class="ruby-operator">::</span><span class="ruby-constant">Password</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">password_digest</span>) <span class="ruby-operator">==</span> <span class="ruby-identifier">unencrypted_password</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-keyword">self</span>
    <span class="ruby-keyword">end</span>

    <span class="ruby-comment"># Encrypts the password into the +password_digest+ attribute, only if the</span>
    <span class="ruby-comment"># new password is not blank.</span>
    <span class="ruby-comment">#</span>
    <span class="ruby-comment">#   class User &lt; ActiveRecord::Base</span>
    <span class="ruby-comment">#     has_secure_password validations: false</span>
    <span class="ruby-comment">#   end</span>
    <span class="ruby-comment">#</span>
    <span class="ruby-comment">#   user = User.new</span>
    <span class="ruby-comment">#   user.password = nil</span>
    <span class="ruby-comment">#   user.password_digest # =&gt; nil</span>
    <span class="ruby-comment">#   user.password = 'mUc3m00RsqyRe'</span>
    <span class="ruby-comment">#   user.password_digest # =&gt; &quot;$2a$10$4LEA7r4YmNHtvlAvHhsYAeZmk/xeUVtMTYqwIvYY76EW5GUqDiP4.&quot;</span>
    <span class="ruby-keyword">def</span> <span class="ruby-keyword ruby-title">password=</span>(<span class="ruby-identifier">unencrypted_password</span>)
      <span class="ruby-keyword">unless</span> <span class="ruby-identifier">unencrypted_password</span>.<span class="ruby-identifier">blank?</span>
        <span class="ruby-ivar">@password</span> = <span class="ruby-identifier">unencrypted_password</span>
        <span class="ruby-identifier">cost</span> = <span class="ruby-constant">ActiveModel</span><span class="ruby-operator">::</span><span class="ruby-constant">SecurePassword</span>.<span class="ruby-identifier">min_cost</span> <span class="ruby-operator">?</span> <span class="ruby-constant">BCrypt</span><span class="ruby-operator">::</span><span class="ruby-constant">Engine</span><span class="ruby-operator">::</span><span class="ruby-constant">MIN_COST</span> <span class="ruby-operator">:</span> <span class="ruby-constant">BCrypt</span><span class="ruby-operator">::</span><span class="ruby-constant">Engine</span><span class="ruby-operator">::</span><span class="ruby-constant">DEFAULT_COST</span>
        <span class="ruby-keyword">self</span>.<span class="ruby-identifier">password_digest</span> = <span class="ruby-constant">BCrypt</span><span class="ruby-operator">::</span><span class="ruby-constant">Password</span>.<span class="ruby-identifier">create</span>(<span class="ruby-identifier">unencrypted_password</span>, <span class="ruby-identifier">cost</span><span class="ruby-operator">:</span> <span class="ruby-identifier">cost</span>)
      <span class="ruby-keyword">end</span>
    <span class="ruby-keyword">end</span>

    <span class="ruby-keyword">def</span> <span class="ruby-keyword ruby-title">password_confirmation=</span>(<span class="ruby-identifier">unencrypted_password</span>)
      <span class="ruby-ivar">@password_confirmation</span> = <span class="ruby-identifier">unencrypted_password</span>
    <span class="ruby-keyword">end</span>
  <span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
              </div>
            </div>
            
          </div>
                    </div>

    </div>
  </body>
</html>    